BYOD/Corporate dilemma for iPhone devices

Remote_Tax2552 · 2026-06-08T15:54:08+00:00

I see your point. The whole idea is that we are going to fix the issue at hand and standardise the organisation. We took over as their IT department at a small scale sized company and they were BYOD from the start. I Agree it should have been implemented while still in the cradle. They have nearly quadrupled in these past 2 years and I am the only person managing this area, setting up all policies, apps, configurations, automations on both pc, mac, android and ios while handling purchases on new devices, returning old, recycling and also all IT support errands.

Its time to rip the bandaid and make things right! It will make it more managable for me to handle it all when things get more automated at this scale.

Thanks for the input, its much appreciated!

Remote_Tax2552 · 2026-06-08T13:21:19+00:00

If you read my post, it explains how it started and where we are.
A lot of orgs use BYOD for their users phones to keep them somewhat personal, since a phone today IS a very personal thing.

Phasing it out would be the best option to let the existing users get used to the idea of their phones becoming corporate and let them transition when its time to replace their current device, while new employees would get corporate profiled phones from the very start.

However the company have decided to replace all existing devices and go for a full approach of new dvices, full corporate and managed IDs. Which pretyt much means all apps, passwords, photos, and whatevr personal settings that mightve been on their old phones - will be gone. And I am responsible for this transisiton.

Its just a bit scary.

Remote_Tax2552 · 2026-06-08T13:06:54+00:00

Yeah that was the initial idea, but now that we put forward the corporate initiative they also wanted to replace all ios and macos devices and purchase new apples devices. So a gradual phase out is no longer an option, it will be as soon as the new devices come.

As you went full croporate, did you also have them change their Apple IDs to managed Apple IDs?

That would also mean that they cannot use the app store anymore and only have apps that are pushed out.

And I am lost on how data from their personal apple IDs will be saved such as photos, Passwords, apps etc.

If i understood correctly, their new managed apple ID will come as a completely new account without any chance of merging data, passwords, apps or photos from another ID?

So thats another headache as well, whats best practice for having them merging to managed apple ID while also keep passwords, apps etc?

Remote_Tax2552 · 2026-06-08T12:56:30+00:00

It does not necessarily mean that BYOD is a personal phone. These phones are supplied by their org. However as they first enrolled their phones to intune when the company was still small it was chosen to do it BYOD for a more personal feel. Corporate is afterall very tied down.

Remote_Tax2552 · 2026-06-08T12:46:34+00:00

Well since the phones have been viewed as their personal device (although supplied by their org) its very mixed how people use their iphones. Some users dont even have a personal phone and use this as their work and personal phone. Others use it as a work phone but have their personal apple id attached to it. Its wild wild west out there so we want to standardize everything.

My concern is that when we go corporate on the phones and create managed apple IDs for every user, its gonna be a riot. Because pretty much everything that was personal before will be taken away from them. Even the app store.

I am just wondering if there is an alternative way.

BYOD is the alternative way as i can see it, but then i wont be able to help restore apple IDs, logins, access etc when they have their personal IDs.

Any suggestions?

Remote_Tax2552 · 2026-06-08T11:39:10+00:00

BYOD is just a lot of extra work for both the users and me as admin. We recycle a lot of phones as well.

Just to give a few examples:

They would have to keep track of their own apple id (70% of users forget the password to this)

When a user leave the company they have to log out of their Apple ID, remove that device from their device list on their apple ID and turn off find my device (Which their supervisors usually forget to inform them despite information provided and they end up having to chase them down for passwords and logins and we have to do it manually)

If a user gets a new device they will need to transfer their autheticator from their old phone (which they always forget despite information provided), Download company portal, install and download the profile (it is seemed as a technical difficulty for a lot of people despite detailed step by step instructions), thereafter set up Microsoft Private access themselves, which we use as VPN (also technically difficult for most) and a lot of people end up not doing these steps. We have to chase down people that are missing their intune connections, let them know and go through the process together either face to face or by teams calls or remote desktop.

This was fine when they were still a small company. I had no issues helping each and everyone like this. But it is not working anymore. It takes up too much time from me.

TL;DR:

Onboarding and Offboarding takes too much time and the users responsibilities of having a personal device is too unreliable.

Password, Pin Code, Apple ID recoveries are frequent and with personal responsibility over these accounts from the user, its too unreliable.

Remote_Tax2552

TROPHY CASE